Description
In insecure mode, the current login user name is passed from Sentry to HMS server when sentry HMSFollower gets full snapshot from HMS.
The user name should be "sentry" instead of current login user.
The followiong code shows how current login user name is used when subject is null.
In UserGroupInformation, if the context does not have subject, the getLoginUser() is used as user name
@Public
@Evolving
public static UserGroupInformation getCurrentUser() throws IOException
This issue should not happen in production because secure mode is always used. Insecure mode is only used in test.
Attachments
Attachments
Issue Links
- links to